TL;DR: AI is reshaping cybersecurity operations, but the bigger governance problem is shadow AI, agentic identity, and the need for human oversight as budgets stay flat, according to SPHERE Technology Solutions and Ed Amoroso. Identity programmes now have to track ownership, provenance, and continuous access decisions across people, machines, and AI agents.
At a glance
What this is: This podcast conversation argues that AI in cybersecurity is forcing security teams to treat shadow AI and agentic systems as identity governance problems, not just tooling questions.
Why it matters: IAM, IGA, PAM, and NHI programmes now have to govern AI-driven access and decision-making alongside human and machine identities.
Context
AI in cybersecurity is no longer only a detection or automation story. The governance gap now sits around visibility, ownership, and accountability for AI systems that can act without the same operating assumptions as human users or classic machine identities.
The podcast frames shadow AI as the most immediate identity problem because organisations cannot govern what they cannot inventory. That makes the topic relevant to NHI, autonomous systems, and human oversight models at the same time, especially where AI agents may touch sensitive systems or data.
Key questions
Q: What breaks when shadow AI is not inventoried and owned?
A: Identity governance breaks first, because unknown AI systems cannot be reviewed, constrained, or offboarded. That leaves hidden access paths in place even when the organisation believes policy is working. The practical failure is not only loss of visibility, but loss of accountability for actions taken through those systems.
Q: Why do AI-driven systems complicate IAM and PAM programmes?
A: They complicate IAM and PAM because access is no longer the whole problem. When a system can decide what to do at runtime, the organisation must govern behaviour, tool use, and downstream actions as well as the original entitlement. Existing controls built for static access struggle to absorb that shift.
Q: How do security teams know if AI oversight is actually working?
A: Look for three signals: every AI-enabled system has an owner, every sensitive action is logged, and every exception can be tied back to an approved decision path. If any of those is missing, oversight is partial at best and probably cosmetic. Control effectiveness should be measured through traceability, not confidence.
Q: Who is accountable when an AI system acts outside its intended scope?
A: The organisation is accountable, but operational accountability should sit with the named owner of the AI system and the team that approved its access. If no one can explain why the system had access or who could stop it, the governance model has failed. Accountability must be explicit before the AI is deployed.
Technical breakdown
Agentic AI as a new identity class
Agentic AI differs from conventional automation because it can combine tool use, runtime decision-making, and action sequencing in ways that look more like a governing identity than a fixed script. That matters because classic IAM and PAM controls assume a stable subject, stable intent, and a predictable approval path. When the actor can decide what to do next, the identity boundary shifts from login-time authentication to ongoing runtime governance. The practical problem is not just who signed in, but what the system is allowed to decide, access, and trigger during execution.
Practical implication: classify AI systems by their actual runtime authority before assigning them identity controls.
Shadow AI breaks inventory-based governance
Shadow AI is the unmanaged AI equivalent of shadow IT, but with a sharper identity consequence. If an AI feature, assistant, or embedded agent can send messages, query systems, or touch sensitive data without a named owner and recorded purpose, then access governance has already failed upstream. Inventory is the first control because policy cannot be enforced against unknown identities. This is especially important for NHI programmes, where secrets, tokens, and service access may be reused by hidden AI workflows that were never formally approved.
Practical implication: build and continuously refresh an inventory of AI-enabled identities, data paths, and owners.
Human oversight remains a control, not a comfort statement
The article’s emphasis on human judgment is a reminder that oversight is a governance function, not a morale slogan. Human review is still needed for ambiguous decisions, escalation handling, exception approval, and accountability assignment. But oversight only works if it is attached to clear ownership, scoped authority, and an auditable decision path. In identity terms, that means human reviewers must govern AI behaviour they can actually see, measure, and stop. Without that, the organisation gets the illusion of control rather than control itself.
Practical implication: require auditable human accountability for AI actions that cross trust, data, or privilege boundaries.
Threat narrative
Attacker objective: The objective is to operate through an AI identity or AI-enabled workflow that security teams do not know exists, making control, attribution, and containment much harder.
- Entry begins when shadow AI is introduced into business workflows without formal identity inventory or ownership, allowing an unmanaged system to gain practical reach into enterprise tools.
- Escalation occurs when the AI system is allowed to make runtime decisions, reuse credentials, or interact with sensitive data paths without governance checks tied to its actual behaviour.
- Impact follows when hidden AI activity creates unauthorised access, unaudited actions, or trust failures that security teams cannot easily explain or contain.
Breaches seen in the wild
- Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
- AI LLM hijack breach — attackers used stolen AWS access keys to hijack Anthropic LLM models on Bedrock.
NHI Mgmt Group analysis
Shadow AI is an identity inventory problem before it is an AI problem. The article correctly points to unknown AI use as the real danger because organisations cannot govern identities they have not discovered. That aligns with NHI governance reality: ownership, lineage, and approval matter more than whether the tool is branded as AI. Practitioners should treat undiscovered AI access as an identity hygiene failure, not a separate innovation issue.
Agentic AI turns access governance into runtime governance. Traditional IAM assumes the important question is who gets access. With autonomous or semi-autonomous AI, the harder question is what the actor does after access is granted, because decisions can chain into actions without a human pause. That shifts the control problem from static entitlement review to continuous behavioural supervision. Security teams should expect current IGA and PAM models to need reinterpretation, not just extension.
Human oversight remains the accountability anchor when machine behaviour becomes opaque. The conversation is right to keep human judgment in the frame because AI-driven systems still need someone who can accept responsibility for outcomes. But oversight only works when authority, evidence, and intervention paths are explicit. Practitioners should treat human approval as a governed control plane for AI actions, not as an informal backstop.
AI hygiene is now part of identity hygiene. The field is moving toward a model where human users, non-human identities, and AI agents all sit in the same governance boundary, but with different runtime risks. That means security programmes can no longer separate AI risk from identity risk without losing control of the attack surface. The practical conclusion is to unify inventory, ownership, and lifecycle governance across all three actor types.
Standing privilege is becoming a weaker assumption when AI can act continuously. Much of identity governance still assumes access is granted for a defined purpose and then reviewed later. Agentic systems disrupt that model by compressing action, decision, and access into the same execution window. Practitioners should recognise that review-based governance loses precision when the actor can complete the work before any review cycle begins.
From our research:
- Companies are dedicating an average of 32.4% of their security budgets to secrets management and code security, with US organisations leading at 40.8%, according to The State of Secrets in AppSec.
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap.
- The governance lesson extends beyond secrets hygiene, and 52 NHI Breaches Analysis is the clearest next step for understanding how unmanaged identities become breach paths.
What this signals
Shadow AI will force identity teams to merge discovery and governance. A programme that inventories human and machine identities but leaves AI assistants untracked is already incomplete. The practical next step is to treat AI discovery as part of the same operational boundary as secrets, workloads, and privileged accounts, then align the workflow with the NHI lifecycle discipline in the Ultimate Guide to NHIs.
AI hygiene is now an access-control issue, not just a policy issue. When AI systems can act on behalf of teams, the control question becomes whether a human can still explain, review, and interrupt the action chain. That is why IAM and PAM teams should map AI-enabled workflows against NIST SP 800-63 Digital Identity Guidelines for human accountability, then extend the model to non-human and autonomous identities.
Runtime visibility will become the differentiator. The organisations that adapt fastest will be the ones that can trace AI behaviour back to an owner, a purpose, and a revocation path. For a deeper breach lens on what happens when those paths are missing, practitioners should review 52 NHI Breaches Analysis and compare the failure patterns to their own AI inventory.
For practitioners
- Inventory shadow AI before expanding policy: Map every AI-enabled workflow, assistant, and embedded agent to a named business owner, data path, and access method. If you cannot tie the AI to an accountable owner, treat it as an unmanaged identity and remove or isolate its access until governance is established.
- Classify AI systems by runtime authority: Separate simple automation from systems that can choose tools, sequence actions, or continue without approval. Use that classification to decide whether the control set belongs in NHI, IAM, PAM, or an autonomous governance track.
- Extend access reviews to AI behaviour logs: Review not only entitlements but also the actions AI systems actually performed, including data access, tool calls, and outbound communications. Where behaviour exceeds the intended scope, revoke the underlying identity path and document the control failure.
- Assign explicit human accountability for AI outcomes: Name a business and security owner for every AI system that can influence decisions or touch sensitive data. Make escalation paths, approval thresholds, and intervention rights auditable so oversight exists before an incident occurs.
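The four steps above can be run as one review pass over an AI inventory and its behaviour log. The sketch below is an added example, not code from SPHERE or NHIMG; the record fields, the `scripted`/`agentic` authority tiers, the exception ticket format, and all sample data are assumptions constructed for illustration.

```python
# Constructed sample inventory; field names are assumptions, not a real schema.
INVENTORY = [
    {"id": "support-assistant", "owner": "a.khan", "authority": "agentic",
     "scope": {"crm.read", "email.send"}, "approver": "sec-review-0142"},
    {"id": "report-bot", "owner": "j.lee", "authority": "scripted",
     "scope": {"warehouse.read"}, "approver": "sec-review-0107"},
    {"id": "sales-copilot-plugin", "owner": None, "authority": "agentic",
     "scope": set(), "approver": None},
]

# Constructed behaviour log: (ai_id, action, exception_ticket or None).
ACTIONS = [
    ("support-assistant", "crm.read", None),
    ("support-assistant", "payroll.read", None),   # outside scope, no approval
    ("report-bot", "warehouse.read", None),
    ("report-bot", "warehouse.export", "EXC-31"),  # outside scope, approved exception
    ("notes-summariser", "drive.read", None),      # never inventoried
]
APPROVED_EXCEPTIONS = {"EXC-31"}


def review(inventory, actions, approved_exceptions):
    """Return {ai_id: sorted findings} covering ownership, authority and behaviour."""
    by_id = {rec["id"]: rec for rec in inventory}
    findings = {}

    def flag(ai_id, message):
        findings.setdefault(ai_id, set()).add(message)

    # Steps 1, 2 and 4: every system needs an owner; agentic ones need an approver.
    for rec in inventory:
        if not rec["owner"]:
            flag(rec["id"], "no named owner: isolate access")
        if rec["authority"] == "agentic" and not rec["approver"]:
            flag(rec["id"], "agentic authority without recorded approval")

    # Step 3: compare what each system actually did against its intended scope.
    for ai_id, action, exception in actions:
        rec = by_id.get(ai_id)
        if rec is None:
            flag(ai_id, "uninventoried actor (shadow AI)")
        elif action not in rec["scope"] and exception not in approved_exceptions:
            flag(ai_id, f"out-of-scope action: {action}")

    return {ai_id: sorted(msgs) for ai_id, msgs in findings.items()}


if __name__ == "__main__":
    report = review(INVENTORY, ACTIONS, APPROVED_EXCEPTIONS)
    for ai_id, issues in sorted(report.items()):
        print(f"{ai_id}: {'; '.join(issues)}")
```

An actor that appears in the behaviour log but not in the inventory is reported as shadow AI, and an out-of-scope action is suppressed only when it carries an exception ticket from the approved set.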
Key takeaways
- Shadow AI creates an identity governance gap because unknown AI systems cannot be reviewed, owned, or revoked with confidence.
- Agentic AI shifts security from static access control toward runtime accountability, behaviour tracing, and explicit human ownership.
- IAM, IGA, PAM, and NHI teams should unify discovery, logging, and lifecycle governance before AI-driven workflows outpace current controls.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | A3 | Agentic AI and shadow AI create runtime behaviour risks beyond static access. |
| OWASP Non-Human Identity Top 10 | NHI-01 | Hidden AI workflows often rely on non-human identities and secrets. |
| NIST CSF 2.0 | PR.AA-01 | Ownership and accountability are central to identity control and monitoring. |
Classify AI systems by runtime authority and govern tool use, action chains, and approvals.
Key terms
- Shadow AI: Shadow AI is any AI system, feature, or embedded agent that operates without formal security visibility, ownership, or approval. In identity terms, it is an unmanaged actor with potential access to data, tools, or secrets, which makes discovery a prerequisite for governance.
- Agentic AI: Agentic AI is software that can choose actions, select tools, and execute at runtime with limited or no human intervention. In governance terms, it behaves more like an identity subject than a fixed workflow, so controls must address decisions and outcomes, not just login events.
- Human Oversight: Human oversight is the accountable review and intervention layer for actions taken by automated or AI-driven systems. It only works when the reviewer has visibility, authority, and a clear path to stop or correct the action before damage becomes irreversible.
- Identity Inventory: Identity inventory is the complete discovery and classification of every human, non-human, and AI-enabled actor that can access systems or data. Without it, policy is detached from reality, and access control becomes a paper exercise rather than an operational control.
This post draws on content published by SPHERE Technology Solutions: podcast highlights from Smells Like Identity Hygiene on AI in cybersecurity. Read the original.
Published by the NHIMG editorial team on 2025-09-15.